Network Map:
+--------------+
|     LAN      |
|192.168.1.0/24i---(HUB)
|              |      \    DC1-> +---------------+
+--------------+       \---------i    GATEWAY    | <-DC0
                                 |zzz.zzz.zzz.33 i-------- CABLE
                       /---------i               |         MODEM
+---------------+     /    DC2-> +---------------+
|      DMZ      |    /
|xxx.xxx.xxx.67 i-(HUB)
|yyy.yyy.yyy.61 |
|               |
+---------------+
The 2 Problems:
# I don't understand exactly what's going on here. Help Please.
1. yyy.yyy.yyy.61 keeps going down on the inside only. How to fix?
# this has something to do with arp entries.
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:90:c6:ee:38:27 on dc2
gate /bsd: arp: attempt to overwrite permanent entry for yyy.yyy.yyy.61 by 00:11:03:df:b2:e7 on dc2
gate /bsd: arp info overwritten for yyy.yyy.yyy.61 by 00:10:77:94:e7:9e on dc2
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:10:77:94:e7:9e on dc2
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:90:c6:ee:38:27 on dc2
# Even when I make the entry permanent the connection goes down.
xxx.xxx.xxx.67 works though...
Pinging yyy.yyy.yyy.61 with 32 bytes of data:
Reply from yyy.yyy.yyy.61: bytes=32 time<10ms TTL=127
Request timed out.
Request timed out.
Request timed out.
# This always seems to happen. The first ping works, then they
stop. If I try again right after, none work.
2. dhcp requests from xxx.xxx.xxx.67 & yyy.yyy.yyy.61 only work
when first plugged directly to the CABLE MODEM
From the Gate:
pf.conf:
cable = "dc0"
lan = "dc1"
dmz = "dc2"
scrub in all
nat on $cable from 192.168.1.0/24 to any -> ($cable)
nat on $dmz from 192.168.1.0/24 to yyy.yyy.yyy.61 -> yyy.yyy.yyy.60
nat on $dmz from 192.168.1.0/24 to xxx.xxx.xxx.67 -> xxx.xxx.xxx.66
pass on lo0 all
pass on $lan all keep state
pass on $dmz all keep state
block on $cable all
pass out on $cable keep state
pass in on $cable inet proto icmp all keep state
pass in on $cable inet proto tcp from any to any port $allow_tcp flags S/SA keep state
pass in on $cable inet proto tcp from any to any port > 20000 keep state #netserver
pass in on $cable inet proto udp from any to any port $allow_udp keep state
ifconfig -A:
dc0: flags=8943 mtu 1500
    address: 00:60:bf:d7:a3:18
    media: Ethernet autoselect (10baseT)
    status: active
    inet zzz.zzz.zzz.33 netmask 0xffffff80 broadcast zzz.zzz.zzz.127
dc1: flags=8843 mtu 1500
    address: 00:60:bf:d7:8c:9b
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
dc2: flags=8943 mtu 1500
    address: 00:60:bf:d7:9f:33
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
    inet xxx.xxx.xxx.67 netmask 0xffffff00 broadcast xxx.xxx.xxx.67
    inet yyy.yyy.yyy.61 netmask 0xffffff00 broadcast yyy.yyy.yyy.61
brconfig bridge0:
bridge0: flags=41
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
dc2 flags=3
port 3 ifpriority 128 ifcost 55
dc0 flags=3
port 1 ifpriority 128 ifcost 55
Addresses (max cache: 100, timeout: 240):
00:90:c6:ee:38:27 dc2 1 flags=0<>
00:11:03:df:b2:e7 dc2 0 flags=0<>
00:50:f4:11:db:37 dc2 0 flags=0<>
00:10:77:94:e7:9e dc0 1 flags=0<>
From the Internet:
>traceroute -n zzz.zzz.zzz.33 | tail -1
zzz.zzz.zzz.33 35.165 ms 36.313 ms 35.592 ms
( same results for xxx.xxx.xxx.67 & yyy.yyy.yyy.61 )
> ping -c 5 zzz.zzz.zzz.33 | tail -2
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 38.934/41.215/44.475/2.296 ms
( same results for xxx.xxx.xxx.67 & yyy.yyy.yyy.61 )
From the Lan (This is the problem!):
traceroute to zzz.zzz.zzz.33, 64 hops max, 40 byte packets
1 24.42.104.33 0.272 ms 0.233 ms 0.223 ms
traceroute to xxx.xxx.xxx.67, 64 hops max, 40 byte packets
1 192.168.1.1 0.266 ms 0.236 ms 0.213 ms
2 xxx.xxx.xxx.xxx 0.385 ms 0.408 ms 0.394 ms
traceroute to yyy.yyy.yyy.61, 64 hops max, 40 byte packets
1 192.168.1.1 0.230 ms 0.236 ms 0.213 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * *^C
That's it. What should I do to fix this?
Received on Tue Jun 17 19:55:27 2003
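
Added example, not part of the original post: a Python script that tallies the kernel ARP messages quoted in the message by address and by MAC, so addresses claimed by several hardware addresses, and MACs answering for several addresses, stand out. The function names are hypothetical; the sample input is the post's own log lines with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# Matches the two OpenBSD kernel ARP messages quoted in the post.
ARP_RE = re.compile(
    r"arp(?: info overwritten|: attempt to overwrite permanent entry) "
    r"for (?P<ip>\S+) by (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifc>\S+)",
    re.IGNORECASE,
)

# Log lines from the post (addresses masked as posted), mail wrapping undone.
SAMPLE_LOG = """\
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:90:c6:ee:38:27 on dc2
gate /bsd: arp: attempt to overwrite permanent entry for yyy.yyy.yyy.61 by 00:11:03:df:b2:e7 on dc2
gate /bsd: arp info overwritten for yyy.yyy.yyy.61 by 00:10:77:94:e7:9e on dc2
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:10:77:94:e7:9e on dc2
gate /bsd: arp info overwritten for xxx.xxx.xxx.67 by 00:90:c6:ee:38:27 on dc2
"""

def summarize_arp_conflicts(log_text):
    """Return {ip: {"macs": set, "events": int, "permanent_hit": bool}}."""
    by_ip = defaultdict(lambda: {"macs": set(), "events": 0, "permanent_hit": False})
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue  # not an ARP overwrite message
        entry = by_ip[m["ip"]]
        entry["macs"].add(m["mac"].lower())
        entry["events"] += 1
        if "permanent" in m.group(0):
            entry["permanent_hit"] = True
    return dict(by_ip)

def contested(summary):
    """IPs claimed by more than one MAC, or whose permanent entry was challenged."""
    return sorted(ip for ip, e in summary.items()
                  if len(e["macs"]) > 1 or e["permanent_hit"])

def macs_claiming_many(summary):
    """MACs seen answering for more than one IP address."""
    seen = defaultdict(set)
    for ip, e in summary.items():
        for mac in e["macs"]:
            seen[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    summary = summarize_arp_conflicts(SAMPLE_LOG)
    print(contested(summary), macs_claiming_many(summary))
```

Run against /var/log/messages on the gateway, the same functions give a per-address view of which hardware addresses are competing on dc2.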